Building OpenVPN server 2.3.4 with GOST ciphers support.

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
bayramgulov
OpenVpn Newbie
Posts: 2
Joined: Wed Oct 29, 2014 2:03 pm

Building OpenVPN server 2.3.4 with GOST ciphers support.

Post by bayramgulov » Wed Oct 29, 2014 3:23 pm

Hi everyone.
I tried to build openvpn server with GOST ciphers support.
OS is CentOS 6.5:

Code: Select all

[root@openvpn bayramgulov]# uname -a
Linux openvpn 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Builded custom openssl from sources, and enabled GOST engine:

Code: Select all

[bayramgulov@openvpn ~]$ /opt/openssl-1.0.1j/bin/openssl version
OpenSSL 1.0.1j 15 Oct 2014
[bayramgulov@openvpn ~]$ /opt/openssl-1.0.1j/bin/openssl ciphers | tr ":" "\n" | grep -i gost
GOST2001-GOST89-GOST89
GOST94-GOST89-GOST89
Configuration line:

Code: Select all

[bayramgulov@openvpn openvpn-2.3.4]$ ./configure --prefix=/opt/openvpn-2.3.4 --enable-iproute2 --disable-plugin-auth-pam CFLAGS="-DALLOW_NON_CBC_CIPHERS" OPENSSL_SSL_LIBS="-L/opt/openssl-1.0.1j/lib -lssl" OPENSSL_SSL_CFLAGS="-I/opt/openssl-1.0.1j/include" OPENSSL_CRYPTO_LIBS="-L/usr/openssl-1.0.1j/lib -lcrypto" OPENSSL_CRYPTO_CFLAGS="-I/usr/openssl-1.0.1j/include/" LZO_CFLAGS="-I/opt/lzo-2.08/include/" LZO_LIBS="-L/opt/lzo-2.08/lib/ -llzo2"
But after successfully building and installation openvpn doesn't see the GOST ciphers:

Code: Select all

[bayramgulov@openvpn openvpn-2.3.4]$ /opt/openvpn-2.3.4/sbin/openvpn --show-ciphers | grep -i gost
What i'm doing wrong?
Top
bayramgulov
OpenVpn Newbie
Posts: 2
Joined: Wed Oct 29, 2014 2:03 pm

Re: Building OpenVPN server 2.3.4 with GOST ciphers support.

Post by bayramgulov » Thu Oct 30, 2014 7:41 am

Just in case, "version" output:

Code: Select all

[bayramgulov@openvpn Cert1]$ /opt/openvpn-2.3.4/sbin/openvpn --version
OpenVPN 2.3.4 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 29 2014
library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=no enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no
Top
Post Reply

Return to “Scripting and Customizations”